On 4/9/2014 7:25 PM, Miles Fidelman wrote:
Dave Crocker wrote:
Everything they are doing is "legal".
Your (possibly entirely valid) assessment that their action is
ill-advised or unpleasant does not equal broken.
Well, sort of - given that DMARC is still an Internet draft, not even an
experimental standard. Maybe it's doing what the draft says it is - but
it's an alpha-level protocol, that breaks a lot of things it touches. If
not "broken" it's certainly "not ready for prime time" - and large scale
deployment is akin to a DDoS attack - i.e., not "ill-advised" but
verging on criminal.
While IETF "full" standards status does indicate real deployment and
serious technical maturity, IETF Proposed Standard does not mean mature
or immature, given the varied history of work leading to Proposed.
SSL was quite mature, before the IETF did enhancements to produce TLS.
The IETF's version of DKIM was essentially v4 for the technology.
DMARC is estimated to currently cover roughly 60% of the world's email
traffic. As "not ready for prime time" goes, that's quite a lot of
prime time.
Yahoo! is choosing to apply the technology for usage scenarios that have
long been known to be problematic. Again, they've made an informed
choice. Whether it's justified and whether it was the right choice is
more of a political or management discussion than a technical one.
In technical terms, DMARC is reasonably simple and reasonably well
understood and extensively deployed.
For most discussions, that qualifies as 'mature'...
d/
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net